"Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities"
Google recently announced the April 2023 security updates for Android devices, with patches for over 65 vulnerabilities, including two critical bugs leading to remote code execution (RCE). Google’s Android security bulletin for April 2023 describes 26 vulnerabilities resolved in the Framework and System components as part of the 2023-04-01 security patch level. Most of these are high-severity flaws leading to the elevation of privilege (EoP) or information disclosure. However, Google noted that two of the 16 issues addressed in System are critical-severity RCE bugs, tracked as CVE-2023-21085 and CVE-2023-21096. Google stated that the most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. Google noted that user interaction is not needed for exploitation. The second part of Android’s April 2023 security update arrives on devices as the 2023-04-05 security patch level and includes fixes for 40 vulnerabilities in kernel, Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components. While most of these bugs are rated high severity, four of the issues impacting Qualcomm components are considered critical severity.